Some applications are known to use large, dynamic port ranges during operation (e.g., Microsoft Active Directory). Activity from these applications can come from one or many ports in a range of thousands. To ensure security does not break application functionality, firewalls and network-based solutions must account for these dynamic port ranges and compromise security with policy that leaves the entire port range open.
The unique architecture and policy model of Illumio ASP allows for real-time insights into active ports and processes on the workload, simplified policy creation that can be tied to a specific process, and adaptive segmentation that can be applied in real time down to the port level (nano-segmentation).
Illumio adaptive segmentation policy is defined using declarative, natural language that is easy to create and easy for all security, infrastructure, or application teams to understand.
Illumio collects context from each host in real time, including details on currently active ports and processes for security that adapts and eliminates the need to compromise protection in favor of application functionality.